Re: ssh tunnel problems

On Mon, 2008-06-23 at 14:10 -0700, Mike wrote:
> On Mon, 23 Jun 2008, Rick Bilonick wrote:
> 
> >
> > On Mon, 2008-06-23 at 13:06 -0400, Rick Bilonick wrote:
> >> How do you explain that this works fine when going from my home computer
> >> to an account on my ISP's computer? I followed an example posted on the
> >> web (which DID have one mistake in using "localhost" which I corrected -
> >> but the other use of "localhost" is AFAIK correct). In order to do a
> >> reverse tunnel, don't you have to point to localhost in order to use the
> >> forwarded port?
> >>
> >> I don't see this as confusing:
> >>
> >> (on my.work.server which is behind a firewall that blocks incoming ssh
> >> but not outgoing ssh)
> >>
> >>> ssh -R 2022:my.work.server:22 me@xxxxxxxxxxxxx
> >>
> >> where "my.work.server" is the IP address for my.work.server and
> >> "home.computer" is the IP address for my home.computer. This sets up the
> >> port forwarding for a reverse tunnel (that's the -R option). If on
> >> home.computer I do:
> >>
> >>> netstat -an | grep 2022
> >>
> >> it shows that home.computer is listening to port 2022.
> >>
> >> Then, to use the reverse tunnel (again on home.computer):
> >>
> >>> ssh -p 2022 accnt@localhost
> >>
> >> where "accnt" is the user account on my.work.server and I use the
> >> password for accnt on my.work.server. This should allow me then to go
> >> through the ssh tunnel in the reverse direction (getting through the
> >> firewall that is blocking the use of incoming ssh from the home computer
> >> to the my.work.server).
> >>
> >> Even after removing everything in hosts.allow on my.work.server, I still
> >> can't connect.
> >>
> >> This SAME set up works fine if I set up the tunnel from my home computer
> >> to my account on my ISP's server. And yes I'm using "localhost" similar
> >> to what I show above. And I've tried it from my.work.server to my
> >> account on my ISP but have the same problem so the problem is something
> >> on my.work.server.
> >>
> >> Is it possible for the firewall to block a reverse tunnel (without
> >> blocking outgoing ssh)?
> >>
> >> Rick B.
> >>
> >
> > One more thing. I just tried this on another Fedora 8 computer hooked to
> > a different network (at the same organization) that has a firewall
> > blocking incoming ssh. I followed the same strategy as outlined above
> > and it works like a charm. So this procedure DOES work as I've outlined
> > it above IN PRINCIPLE. For some reason, it doesn't work on the other
> > server.
> >
> > Rick B.
> >
> 
> I haven't followed this thread closely but...  On the server that does not 
> work do you know if the line "AllowTcpForwarding yes" is present in 
> /etc/ssh/sshd_config ?
> 
> --Mike
> 

I checked and it was set to "no" but commented. I set it to yes and
un-commented it, restarted the network, but still same error message. I
will have more time tomorrow to redo and include -v, etc.

I'm also planning on setting up my Fedora 8 laptop to replace the server
temporarily to try creating the tunnel on the network. I was able to get
the laptop to work on another network. At least this might let me know
that it's the server configuration that is the problem.

Rick B.

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
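
Added example (not part of the original messages): a shell helper that reports the value sshd applies for a keyword such as AllowTcpForwarding, given that sshd ignores commented lines and uses the first uncommented occurrence. The function name, its default-value argument and the sample configs are constructed for this illustration.

```shell
#!/bin/sh
# Added example. Prints the value sshd would apply for KEYWORD in the global
# section of a config file.
# Usage: effective_sshd_option FILE KEYWORD DEFAULT
effective_sshd_option() {
    awk -v want="$2" -v dflt="$3" '
        BEGIN { want = tolower(want); val = dflt }
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines are ignored
        {   # sshd also accepts the "Keyword=value" form; normalise it
            if (match($0, /^[ \t]*[A-Za-z0-9]+[ \t]*=/)) sub(/=/, " ")
        }
        tolower($1) == "match" { exit }         # Match blocks are conditional: stop at global scope
        tolower($1) == want { val = $2; exit }  # keywords are case-insensitive; first one wins
        END { gsub(/"/, "", val); print tolower(val) }
    ' "$1"
}

# Constructed samples: the directive present but commented out (the state
# described in the thread before the edit), and the directive un-commented.
demo() {
    before=$(mktemp)
    after=$(mktemp)
    printf '%s\n' 'Port 22' '#AllowTcpForwarding no' 'X11Forwarding yes' > "$before"
    printf '%s\n' 'Port 22' 'AllowTcpForwarding yes' 'Match User guest' \
        '    AllowTcpForwarding no' > "$after"
    # "yes" is the OpenSSH default for AllowTcpForwarding when no line sets it.
    echo "before: $(effective_sshd_option "$before" AllowTcpForwarding yes)"
    echo "after:  $(effective_sshd_option "$after" AllowTcpForwarding yes)"
    rm -f "$before" "$after"
}
demo
```

For `ssh -R`, the listening port is opened by the sshd on the host being logged in to, so that host's sshd_config is the one that governs the remote forward.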